20180420

HTTP headers let the client and the server pass additional information with a request or a response. They are the part of web traffic that carries information about the client’s browser, the requested page, the server, software versions, cookies, and the session.

For attackers, header manipulation typically focuses on changing the headers sent to a web server to take over sessions. This allows an attacker to pretend to be a legitimate client who is already logged on.

An attacker typically captures headers in one of three ways: by running a packet capture tool or sniffer on an open network, by compromising a system and capturing them locally, or by performing a man-in-the-middle attack that places a system between the client he or she wants to capture from and the server that client is connecting to.
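From the defender's side, a session identifier that suddenly appears with a different client address or User-Agent is the trace a replayed header leaves in server logs. The following detection sketch is an added example, not part of the original tutorial; the log format, the `sid=` field and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (not from the original page).
# Assumed format: ip "METHOD path" status "user-agent" sid=<session id>
SAMPLE_LOG = """\
203.0.113.10 "GET /account" 200 "Mozilla/5.0 (Windows NT 10.0) Firefox/59.0" sid=a1b2c3
203.0.113.10 "GET /orders" 200 "Mozilla/5.0 (Windows NT 10.0) Firefox/59.0" sid=a1b2c3
198.51.100.7 "GET /account" 200 "curl/7.58.0" sid=a1b2c3
192.0.2.44 "GET /account" 200 "Mozilla/5.0 (Macintosh) Safari/11.1" sid=d4e5f6
192.0.2.44 "POST /cart" 200 "Mozilla/5.0 (Macintosh) Safari/11.1" sid=d4e5f6
malformed line without fields
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<req>[^"]*)" (?P<status>\d{3}) '
    r'"(?P<ua>[^"]*)" sid=(?P<sid>\w+)$'
)


def parse(log_text):
    """Yield (sid, ip, user_agent) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("sid"), m.group("ip"), m.group("ua")


def find_shared_sessions(log_text):
    """Return {sid: sorted [(ip, ua), ...]} for sessions seen from more than
    one client context, i.e. the same session headers sent by different clients."""
    seen = defaultdict(set)
    for sid, ip, ua in parse(log_text):
        seen[sid].add((ip, ua))
    return {sid: sorted(ctx) for sid, ctx in seen.items() if len(ctx) > 1}


if __name__ == "__main__":
    for sid, contexts in find_shared_sessions(SAMPLE_LOG).items():
        print(f"session {sid} seen from {len(contexts)} client contexts:")
        for ip, ua in contexts:
            print(f"  {ip}  {ua}")
```

A client can legitimately change address, for example when moving between networks, so a hit is a signal to re-authenticate or review the session rather than proof of takeover.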
